Strix
26.1K

CVE-2024-13451

HIGHCVSS 7.5/10EPSS 0.32%

Last modified

CVE-2024-13451 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. The vulnerability was partially patched in version 2.17.5.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.32%

23.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
BitappsBit Form< 2.17.6

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-13451?
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. The vulnerability was partially patched in version 2.17.5.
How severe is CVE-2024-13451?
CVE-2024-13451 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.
How do I fix CVE-2024-13451?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-13451?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST